New YouTube Scam
- Published: 3 Apr 2023
- Hello, my friends! Let's hit 15K likes? Check out my website! enderman.ch
Today I am finally going to show you the YouTube scam mail I've been trying to acquire for the past few months. They finally mailed me impersonating no-reply@youtube.com, including a malware attachment.
If there is interest, I can upload the sample itself in my GitHub repository. Let me know in the comments down below if you'd like to tackle it.
Still got questions? Don't hesitate, send them to contact@enderman.ch!
Hope you have a great day!
#endermanch #youtube #scam - Science
This channel was not hacked. I NEED HELP. My channel is about to get terminated. I can't upload any videos for a week. Here's the overview of the situation from my second channel:
ruclips.net/video/AZfNtTLnFtk/видео.html
i swear youtubes getting worse and worse... by 2030 there would be no channel on youtube xd
Damn, I YouTube doesn't care about bots and scamming, but it cares about destroying channels. I hope everything will be good with Your channel. Good luck
Well, R.I.P to this channel, it was a good run
@@Yarpopcat08 they do care about scams but they don't put enough effort into it, i reported one and it was gone in a day but that was one out of the millions of scam channels
Welp, this happened to other yt creators before, you're not the only one who is having problems in the ytverse.
Pretty sure they literally deepfaked Sundar there
I'm guessing so.
Hi thiojoe 😎
ok
True. It looks like the deepfake's lips don't even sync to the audio, and even then, the audio is quite not very natural.
Yeah, you can notice it very easily
It's actually not a keystroke logger. When you run the file, it steals the browser cookies that keep you logged into YouTube. Once the scammers have the cookies, they can put them into their browser and have access to your account without a password or 2FA. They then change the password and 2FA, and you have lost your account. It's quite effective once the victim falls for the scam.
Some different variations don't steal your browser history or any of that. They steal your cookies and session key, which lets them login even if the password gets changed.
It's basically a YouTube cookie logger. I am safe, I don't use YouTube enough.
@@tubbunny so how do you get rid of it?
@@patrickboyd8937 Cookies?
No matter the variations what the scammers are trying to get at is a session token/key for your account; that is how they would bypass the 2fa.
YouTube. Stop striking Enderman.
We need a petition to make a major policy to never open email files unless requested on most sites.
yes
Yeah, good luck.
Not clicking links or opening attachments is good practice. When I order stuff online, I always log into my account at the shop and download the receipt there.
I would find it odd that the CEO of Google and Alphabet reaching out to their creators. Pretty sure Sundar Pichai would have more important things than to make this video. However, CEO of YouTube is currently Neal Mohan. It would be Neal's responsibility for overseeing YouTube.
Wait, it's not Susan anymore?
@@user-ck1rx1yn7n New enemy basically.
@@user-ck1rx1yn7n Since about a month ago.
@@user-ck1rx1yn7n she stepped down and now we have the person who got dislikes removed and pushed for nfts on youtube as ceo
No he didn't. Dislikes were removed earlier when Susan was the CEO.
(1:19) I remember seeing a similar thing happen where Google Drive was being abused instead of YouTube. Gmail were smart enough to file those as junk mail as they were sent to many random Gmail addresses.
i still get them lol
I get some [REDACTED] pdfs files, of certain things for no reasons in my email
@@catminer7436 hey, a fellow [big shot]
what exactly is [in there]
@@funduck2015 let's say it was some NSFW things
@@catminer7436 oh, how {boring}
I REALLY HOPE YOUR CHANNEL DOESN’T GET TAKEN DOWN I’VE LEARNED SO MUCH😭😭😭🥺🥺
It would just be very sad if they took his channel down like that..
Yeah, I Am A Really Nerdy Person And These Videos Inspired Me To Be, They Were Funny And I Liked Learning About New Stuff Every Day He Uploaded A VIdeo
I would cry non-stop if Enderman was banned
Wow the CEO himself made a video about the monetization policy change. What a dedicated man.
lol if that actually was legit it would be put on godly rarity
@@Sunny_chips fr
I'm sorry about it. I have been watching your videos for 3 years or so since the COVID-19 lockdown, your videos were really entertaining and educational at the same time. Due to college tests starting from next Saturday, I haven't watched your videos for a while. I hope it will be resolved.
14:00 You can likely use a Hex Editor like HxD instead to remove a bunch of empty bytes (assuming that's what is inflating the file size).
ok
ok
ok thank you information that we totally needed to know 100%
ok
this is actually helpful information thanks
"Download document for Windows"
People that have Linux: 0:19
definitely the based moment of all time
Their deepfake of Sundar changes from a British accent to an American accent halfway through
Such scams feel so legitimate and well as long as they don't screw up over small things like these
Everybody: fears that their channel could get hacked
Enderman: AHH YES, FINALLY, A SCAM MAIL!
Facts
ruclips.net/video/AZfNtTLnFtk/видео.html
The scammers did know the time that he was going to be striked.
It's actually pretty scary to see what hackers/scammers can do these days, wow...
This isn't that well set up but yeah -- they could've done better
@@UCyAn7sD-VHF2H9KDasGpUng i would definitely believe that
yes
Like girls on instagram >D
They even use similar looking characters called "cyrillic characters" to impersonate official e-mail addresses, so most people couldn't spot any difference unless they do some checking using the "unicode identifier"
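The check this comment describes, as an added example that is not part of any comment here: it flags address labels that mix Latin with another script and lists each non-ASCII code point by its Unicode name. The function names and the spoofed sample address are constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Coarse script label derived from the Unicode character name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits, '-', '_' are neutral
    name = unicodedata.name(ch, "")
    for script in ("CYRILLIC", "GREEK", "LATIN"):
        if name.startswith(script):
            return script
    return "OTHER"

def inspect_address(addr):
    """Report mixed-script labels and non-ASCII code points in an e-mail address."""
    local, _, domain = addr.rpartition("@")
    mixed, non_ascii = [], []
    for label in [local] + domain.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:                 # e.g. Latin letters plus one Cyrillic letter
            mixed.append(label)
        non_ascii += [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
                      for c in label if not c.isascii()]
    try:
        # The ASCII (punycode) form is what actually goes on the wire for the domain.
        ascii_domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_domain = None
    # Note: a label written entirely in one non-Latin script is listed in
    # non_ascii but not marked suspicious; whole-script lookalikes need a
    # confusables table, which this sketch does not include.
    return {"suspicious": bool(mixed), "mixed_labels": mixed,
            "non_ascii": non_ascii, "ascii_domain": ascii_domain}

# Constructed samples: the second one replaces the Latin "o" with U+043E.
GENUINE = "no-reply@youtube.com"
SPOOFED = "no-reply@y\u043eutube.com"

if __name__ == "__main__":
    for sample in (GENUINE, SPOOFED):
        print(sample.encode("unicode_escape").decode(), inspect_address(sample))
```
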
I hate it when cybercriminals try to impersonate a real company
fr
fr
fr
Ong
fr
11:45 also deactivate from any other login session using the non-infected device (a phone for eg). The stealer uploads session cookies which works in some site even after password change.
How are they sending emails from the YouTube domain? Also, so much for the "Scanned by Gmail" feature doing absolutely nothing regarding this. With a company as large as Google you'd think they could run a virus check for larger files. Of course though scammers will just artificially increase the file size even more to combat that.
I actually found the answer to this question from a comment in another video. I'll copy and paste it here for convenience.
Original Commenter: Ignelis
Comment Source: "The Latest YouTube Malware Scam" from John Hammond
"Hi John, they used a share function in YouTube. So they have a private video, so you can't see it, but the thing with private videos is that you can give access to someone. So they add your and other youtubers emails, so you would get this email from youtube, stating that this and this channel shared a video with you. In the email you can see description and title of the video. Once you receive that email - the scammers just remove access so you can't see it, that's why it says the video is private, but you got email from official youtube domain."
@@GavAttackO but then how would the archive get attached to that e-mail?
@@realcomputerdude100 its in the description of the video?
@@amongsussyballs I've never heard of being able to attach a file inside the description of a YouTube video.
A link to the file, I could understand. But the file was attached *in the e-mail.*
We need Linus Sebastian and LMG to watch this now.
Btw, run it on a Linux or Mac system with wine to see what it can do.
"hey, if you do not sign the document you are banned from YouTube, also we do not have a linux/mac version"
I would love to see the OSFirstTimer guy try the latter! After all, he did respond to phone-based tech support scams that say his Windows computer has a virus, saying "Sorry, I use Ubuntu".
Run it on a Windows computer
@@yliassloudtech348 i can't as I don't have windows and I wouldn't as ik what it does.
you can do the same in a VM
(Slow clapping)
Way to go, scammers.
We should be able to set an anti-phishing code/passphrase on sites, so that when a real email comes from the company it contains this code. If it does not contain the passphrase we set, it should ring a bell that it’s a phishing/scam email.
This isn't anything private, but usually, that would be your YouTube channel name in this case, to at least prove its for you and not just spam.
Somehow this isn’t official, it’s a fake message which is a scam.
I wonder if they shared a private video with the description as the scam message. Would make sense why it says Shared a video with you
.scr also prevents Windows SmartScreen from coming up when running it.
Time to make this extension non-executable in the registry.
I can't help but wish you luck surviving this YouTube mess. You have become a victim of people who, for their own amusement, want to delete all your channels, thinking they are all-powerful. Justice must prevail, and I hope that this situation gets more attention.
ayo! nice video. i miss sometimes old video type like showing how virus works (like petya).
i still like this type but would be cool to see more malware videos!
It's time for a class action lawsuit against YouTube/Google. No mentally stable person would share a video using the share function via email. This makes no sense. Yes it's a feature from the late 2000s but still... This really feels like negligence. Why did this not have been removed years ago?
Wouldn't mind proposing a new notification format for private video sharing to YouTube so it differs from the official messages a lot (this way you can clearly distinguish a video share at a first glance). I am pretty skilled with basic HTML/CSS, so I can compose a new email layout for this.
You might also want to pin a comment with the video here. If that's even possible...
I'm not sure abt the editing rights, but you could also add a "showcasing purposes only" disclaimer into every description, maybe that influences the algorithm.
Good luck, let's hope there will be a real human looking over it before they can terminate you and your communication attempts are more than speaking to a wall.
BTW if You look at the subscriber count, and see that it's fake. Also I don't know they would private the video, they have them public and I would also compare the name (not the display name but the name with the @) with the real and fake YouTube channel.
Screensaver? For me those are AutoCAD scripts. 😉
Starting to think YouTube should move communications to YouTube studio
I noticed after a while that I hadn't gotten any notifications from YouTube about you uploading. That alone had me a little bummed. But when i saw the title to this video. My heart truly started to melt. I absolutely love your videos and simply the thought of your channel being terminated brings a tear to my eye. Hope you get through this with your channel still intact. I wish only the best for you Andrew 🙏
there is "no_antivirus" in the link LOL
Notice the "confirm=no_antivirus" in the URL. Wonder what that does 🤔.
it skips the antivirus prompt that google drive has
@@yotoprules9361 I know what it does… I was making a joke.
The "Anti-anti VM" i didnt expected that XD
Just a note, the email is actually from YouTube, it's using the share feature to send a video containing that malicious link
Ahh.
I witnessed something similar back in February 22 of that year. This time, it's with Playrix's job inquiry through DeviantArt's Chat.
Big companies like google, youtube (owned by google), amazon, facebook, ... should really just sign their outgoing email using SSL certificates, that user can just look for the little checkmark (or however the users email program/website/app shows it) to see whether or not the email is real or fake, just like the little padlock in the browser. But for some reason nobody is using SSL email certificates. Wouldn't help in this case but it would help against some types of email spoofing (where they just change the sender address)
That's why do I think that LTTs rented out their account.
That's some next-level trickery right there
This is why I watch out.
The deep-faking levels here are scary. I think deep-fakes should be illegal.
Nah it's fun
And I like making SpongeBob say the n word
i mean it's only really viable for memes and stuff apart from this, but if you have a keen eye, you would see that the channel isn't official either way
I can see the channel’s fake, but the deepfake is scarily fake.
i might be thinking too simple about this, but can't MS just warn users like if theres a . followed by 3 letters in the name before the actual extension?
Finally a chad who has the taskbar on the top
Have it too lol
Enderman's the type of guy to install windows 11 on a potato
tbh that's exactly 1gb windows
Just noticed, HE WAS USING EDGE OMG
Ah yes, I love when YouTube Team shares a video with me on YouTube.
This video's good to make me forget about polynomials assignment I've got to do.
Hey Enderman, I have a idea. Making an Windows based OS that just launches a program and that's it, and you cant do anything else. We will use Windows PE For this process, I have tried so many times but i get the same error or just bigger errors and i don't have enough brain for it. This is how i imagined: Windows PE Launches from ISO/any boot-able Source, Installs necessary files as like system32 and the libraries, Installs some drivers for the program to run at all, Restarts. Launches the Program and that's it. Could please do a topic on This?
Amazing work to disclose the work of these bad people!
Where do you get your MP3’s from?
i'd like to see the malware! (also i thought you used chrome not edge lol)
When YOU don't TUBE the YouTube, you get scammed. Stay safe guys.
notice how the description is unupdated that’s great.
I already saw something wrong as the file protected as said in the email. Just a rules and policies document why they need to encrypt it
Well, that's called common sense, you got the common sense that it automatically flagged your suspicion into a big BS alarm
That's why all my friends in youtube has a backup channel in odysee, rumble and tilvids
When some russian guy (probably with one of his arms broken) has to tell you not to execute files from e-mails, there is something wrong you had just done.
Can you do "Upgrading" from Windows Longhorn to Windows XP?
(it requires a special application called "Application Verifier")
So did he trashed that phishing e-mail or not?! (I also got a phishing e-mail on my Gmail too yesterday!)
Probably a variant of Redline
hey everyone he has 1 strike WE NEED TO HELP HIM NOW
pls if u can pin it
If you listen and look closer at the last bit of the video of the CEO of Google, you can tell it was a voice over the original. His mouth movement and what is said in audio doesn't match.
heck yeah i realized it
If the ceo of Google sent me a video about the policies of YouTube changing I wouldn't believe that in the first place
5:10 if you pay attention to the guy's lips you can see that its not syncing with the voice. giant red flag
5:22 no way the "youtube team" would have only 700 subs
tbh the scariest part is that 700 people were tricked into thinking it's real and subbing to it, or it could be botted
I was listening to one of my playlists on spotify, and I heard your intro music! Is it Drive Slow - Windows 96? Anyways, I love your videos and they have inspired me when creating code. I hope to keep watching your vids.
mrbeast, e-mails, deepfakes, youtube scammers find every possible way to scam
Why does Windows never show extensions by default
But HOW? Google doesn't let you make an account with the same email as another account! How did they bypass this?
The scammer created a channel called YouTube Team and uploaded a deepfake AI video with the text of the email in the video description. Then they use the share function from YouTube to send it to their possible victims. That's why the sender looks legit because it comes from YouTube itself. The email contains the text of the video description and the layout YouTube uses is the same layout they use for official emails. To me, this looks like negligence from Google/YouTube and they should be sued for this.
i love your channel, I hope you don't get taken down
Now we gotta develop a scanner that can scan files that are under 1GB in size.
Or a 1 Exabyte size file
hey enderman i noticed this youtube team account only has 719 subscribers
I don't understand how almost every scam has bad grammar which gives it away.
It is Google Translate
How did you not instantly notice it was a deepfake bruh
I didn't either on first watch, I wasn't really paying close attention but looking back you can notice
Not even a good quality one, the voice sounds so robotic.
fr lol
hello! im really trying to find a good virtual machine. do you have a link to download one?
Software, or what?
@@dark-mode. whatever allows you to run viruses and shit without it harming your actual computer
@@WinDev101 I agree.
Even since I haven't got anything, looks like I'm good for a moment. Thanks for alerting us!
Hello, I have vmware workstation 17.1, when I turn on the virtual machine, the vmware logo does not appear when I press the esc key to go to BIOS, that is, I installed Windows XP, the Windows logo does not appear, the welcome message appears directly.
"no ones gonna run this file"
i wonder to what happend to linus drop tips
I see what they did. They shared a video via email.
Great to see you uploading again!
I have a question:
If I download a virus that steals my data and uploads it to the user and run the virus, will it work if my internet is disconnected?
You mean "If my internet is disconnected, the attacker will be able to steal my data". If you mean that, the answer is no.
Silver Chariot Requiem is always a problem 😂
Next video pls! Downloading malware on MacBook
Hii sir i have already double click scr file received in mail now my pc restarting problem every 5 min.i run all type scan Malwarebytes or windows defender but not threats detection so now what can i do?
Can i find where is scr virus installed in my folder??
Help me
Reset Windows, my dude.
One way to prevent getting tricked by this type of scam is changing the way .scr files are opened. Create a new action for the scr and set it as default. For me, i created action 'open2' and set it to open 'notepad.exe "c:\Users\Public\screensaver_warning.txt"'. Windows will still launch screen savers normally, just the user will not. Also by right clicking it, you can still launch it using 'Test' action.
dannggggg they tried to hide that harddddd
What program do you use for VMs?
VMware 16
these scammers always thinks that they can get away with their actions lol
They do
Whatever his mouth moves separate to his voice sounds
So, basically, the entire premise of this scam consists of assuming that the file is a PDF file, just because it comes packaged with a PDF icon in the executable. This is combined with completely ignoring the simple fact that this so called "PDF" file just happens to have a .scr extension.
Most pc noobs have file extensions off
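A defensive triage check for the pattern discussed in this thread (an executable `.scr` dressed up as a document, inflated so scanners skip it), as an added example that is not part of any comment here. It assumes the attachment arrives as a ZIP archive; the member name `New_Policy.pdf.scr`, the extension lists and the ratio limit are constructed for illustration.

```python
import io
import os
import zipfile

EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".msi"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def name_findings(filename):
    """Judge a name by its last extension, the one Windows acts on."""
    findings = []
    base = os.path.basename(filename).lower().rstrip(". ")
    stem, ext = os.path.splitext(base)
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # "report.pdf.scr" shows as "report.pdf" when extensions are hidden.
        if os.path.splitext(stem)[1] in DECOY_EXTS:
            findings.append("decoy-double-extension")
    return findings

def member_findings(info, ratio_limit=100):
    """Combine name checks with archive metadata; nothing is extracted or run."""
    findings = name_findings(info.filename)
    if info.flag_bits & 0x1:                      # ZIP "encrypted" flag bit
        findings.append("encrypted-member")
    # Filler bytes compress almost to nothing, so a huge size ratio
    # points to padding added to push the file past scanner size limits.
    if info.compress_size and info.file_size / info.compress_size >= ratio_limit:
        findings.append("padding-suspected")
    return findings

def scan_zip(zip_bytes):
    """Map each archive member to its list of findings."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: member_findings(i)
                for i in zf.infolist() if not i.is_dir()}

def build_sample_zip():
    """Constructed, harmless sample: a fake 'MZ' stub followed by 2 MB of zeros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("New_Policy.pdf.scr",
                    b"MZ" + bytes(range(256)) * 8 + b"\x00" * 2_000_000)
        zf.writestr("readme.txt", b"Constructed benign member.\n")
    return buf.getvalue()

if __name__ == "__main__":
    for member, found in scan_zip(build_sample_zip()).items():
        print(member, found or "no findings")
```
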
That was such an ai voice in Sundar lol 7:11
random question but do you think you'll ever make merch?
RIP Andrew!
i also saw a small korean channel get hacked too 😥
12:46 thats .NET framework (it is just launching that because that scr was a .NET app)
what happened to your "limbo free download" video?
Same question here
Did receive one of these scam emails though, but I knew those were not real because they are sending a file... YouTube don't do that...
yes , unless if we ask for it , as what he said
@@thisusernameistaken. True
Cool video. I had a video idea that is impossible. Install windows on a hdmi cord
is this right? generate me 30 sets of strings in the form of "xxxyy-OEM-NNNNNNN-zzzzz" where "xxx" is day of the year between 001 and 366 (for example, 192 = 10th july) and "yy" is the year (for example, 94=1994). your range is from the first day of 1995 to the last day of 2003. "OEM" must remain intact the "NNNNNNN" segment consist of digits and must start with 2 zeroes. the rest of the numbers can be anything as long as their sum is divisible by 7 with no remainder. the last segment "zzzzz" should consist of random numbers. "z" representing a number.
He is right be aware on what you do on the internet